Questions tagged [smartcard]
The smartcard tag has no usage guidance.
136 questions
2
votes
1
answer
151
views
Firefox doesn't prompt for smart card PIN
I have CAC authentication set up in Firefox according to the instructions militarycac.com. The card is recognized and authenticated successfully with both pcsc_scan and pkcs11-tool --login --test --...
- 153
1
vote
1
answer
176
views
Smart Card SMIME Sign/Encrypt Error with ThunderBird on Ubuntu
When I try to send Sign or Encrypted Email from Thunderbird on Ubuntu, above error appeared. It seems that Thunderbird was unable to a access private key or Certificate?
All Other steps was completed ...
- 11
0
votes
0
answers
280
views
How to remove smart card certificates (use “certutil”) in 2024?
I am trying to use a script to remove smart card certificates in the personal certificate store. I am aware of how to do this manually through internet options however I would like to use a script to ...
1
vote
0
answers
132
views
smart card login without network [closed]
We have many branches that are connected to the headquarters (on-premise Windows domain) via the Internet (ADSL connection -> VPN). Users at the branch offices log into Windows using smart cards. ...
- 13
0
votes
1
answer
1k
views
Local smart card reader / USB passthrough with RDP to VM
I have a virtual machine set up for online banking and want to pass a smart card reader that is connected to my local machine to the virtual machine. Both machines are running the latest Win 11 Pro ...
- 3
1
vote
0
answers
130
views
OpenSC and Firefox on Windows
I have OpenSC and Firefox on Windows. I need to permanently unload OpenSC module from Firefox as it causes problems. I can unload it from Settings\Privacy & Security\Security\Certificates\Security ...
- 155
0
votes
0
answers
206
views
How to use OpenPGP smartcard with Avtor CR-371M reader?
I have an OpenPGP card that was setup on a different computer with a different cardreader and is known to work fine for signing emails with GnuPG. Now I am trying to use it on a Windows 10 desktop ...
- 598
0
votes
1
answer
1k
views
RDP/NLA/CAC Smartcard authentication fails
I am able to RDP into VMs through username and password, but not with CAC. I receive the error "The remote computer that you are trying to connect to requires NLA, but your Windows domain ...
0
votes
0
answers
320
views
How to get rid of a smartcard certificate "user" in my Windows 11 login screen?
I installed a smartcard reader and a smartcard certificate used to sign my company's documents in my system. To my surprise, the smartcard certificate became a "user" in my computer's sign-...
2
votes
0
answers
485
views
4096 bit key generation on OpenPGP card
What is the corresponding command to create a 4096 bit RSA key on an OpenPGP card via gpg(2) --card-edit? The documentation just indicates --algo=. I tried RSAwith different values like 3072 and 4096 -...
- 103
2
votes
2
answers
3k
views
Stop smart cards from caching in Edge/Chrome
When you get a certificate drop-down selection prompt in Edge or Chrome, how do you prevent it from showing certificates belonging to previous users?
Certificate issue:
Background - I'm in charge of ...
- 31
1
vote
0
answers
268
views
private key on OpenPGP smardcard
I am using OpenPGP card (ISO/IEC 7816-4, -8) and a class 3 smart card reader (Reiner SCT Cyber Jack RFID komfort).
Following several guides by using gpg --card-edit -> admin -> GENERATE --force -...
- 103
0
votes
1
answer
1k
views
"Select a smart card device" in an infinite loop instead of asking for a PIN on Windows 11 - how to fix?
Brand new Windows 11 machine, fully up to date.
When trying to access a site using both Edge or Firefox that requires a smartcard, Windows says "select a smart card device" over and over ...
- 611
0
votes
1
answer
568
views
SSH connection with Virtual Smart Card login
I'm using a virtual smart card in order to connect to a Windows remote server via RDP. When I do this it prompts me to insert a PIN, and so I'm done.
The account coupled to this smart card is an admin ...
- 101
0
votes
1
answer
97
views
Use Smartcard for PXE windows install
In our environment we mostly use smartcards for administration tasks in a Windows Domain (tasks such as sensitive NAS shares access, or RDP logons).
Recently, we started using PXE boot to speed up ...
- 137
0
votes
0
answers
612
views
SCardListReaders : Cannot find a smart card reader. (0x8010002E)
My local pc is intel_x86 run on Ubuntu linux
I'm trying to use a smartcard reader that I bought from China. The device is a Zoweetek zw-12026-3. I tried to install the driver from this link https://...
- 13
1
vote
1
answer
601
views
GPG stub for encryption subkey not working
I created the classical set of authentication, signature, and encryption subkeys with gpg, then moved them into a smartcard [ledger nano S], which seemed to work fine as I can see the three subkeys:
$ ...
- 141
2
votes
2
answers
2k
views
How to import OpenPGP Card / YubiKey backup encryption key
When I generate a new OpenPGP key on a YubiKey, it gives me the option to save a copy of the encryption key as a backup like so:
$ gpg --edit-card
Reader ...........: Yubico Yubikey NEO U2F CCID 00 ...
- 123
0
votes
0
answers
180
views
NameConstraints format for UPN values
I'm in the middle of building a new PKI and we are adding name constraints to our issuing CAs with all the usual suspects like DNS, IP, e-mails, directory names etc.
We have a potential smart card ...
- 1
1
vote
2
answers
4k
views
Windows 10 missing service
I'm trying to use a smart card on my computer and I can't get it to read on one of my computers even though using the exact same reader works on the other. Both are running Windows 10 21H1. Plugging ...
- 505
1
vote
0
answers
2k
views
No smart card logon option in Windows 10
I'm not IT trained but I was tasked to implement smart card windows logon for a particular system. The system has a single server (functions as AD and DC) and many client PCs. All the machines are in ...
- 111
1
vote
2
answers
3k
views
firefox - Unable to login via smart card pin on company websites
I'm not able to login via smart card PIN on enterprise websites. This works in other browsers Chrome/Brave/Edge etc.
Secure connection failed
A PKCS #11 module returned CKG_GENERAL_ERROR, indicating ...
- 340
0
votes
0
answers
742
views
RDP + NLA + VPN: Smartcard authentication fails
Inside my company I can login into RDP (NLA is turned on) using my smartcard.
Outside my company I'm not able to login into RDP over VPN using my smartcard when I'm using a non-domain PC. I get the ...
- 395
0
votes
1
answer
1k
views
Smart card reader on Fedora 33 / loading specific driver for usb device
recently we got smart cards and readers to be able to connect to VPN with Cisco AnyConnect. Readers are Identiv SCR3500 A. When plugged in system recognizes this correctly in opensc-tool -l. However ...
- 1
1
vote
2
answers
3k
views
Is it possible to disable PIN entry in Windows 10 when logging in with a Smart Card?
So I have a situation where I would insert a Smart Card into a PCSC Smart Card Reader for the purpose of logging into Windows. The Smart Card contains the certificate and it's not PIN encrypted. ...
- 430
4
votes
1
answer
4k
views
How can I create a "Virtual Smart Card" on my TPM without joining my Windows computer to a Domain?
I want to store a OpenVPN client certificates on our laptops secured by my TPM, so that the certificate can't be stolen/extracted from the laptop even with admin rights.
Microsoft offeres "...
- 2,578
1
vote
2
answers
38
views
When does a card switch to transmission mode, and can it be done forcefully?
Quoting from EMV Book 1:
This contact is used as an input (reception mode) to receive data from the terminal or as an output (transmission mode) to transmit data to the terminal. During operation, ...
OrangeJusticeV
0
votes
1
answer
177
views
How can I determine when a user logs in to a workstation using a certificate as opposed to a username and password?
We have rolled out smart cards and Yubikeys to most of our users. We need to collect metrics on the usage of these MFA devices. Right now we have custom code that runs on the client that does an OK ...
- 101
0
votes
0
answers
783
views
Cannot choose certificate from smart card
I have a smart card that I use to login to and sign documents on governmental websites. The card comes with 2 certificates: one for signing into the websites and another for signing documents on the ...
- 75
0
votes
1
answer
466
views
Mac GPG can't generate smartcard keys
Mac OS X Catalina 10.15.7, Homebrew GPG 2.2.23, brand new Yubikey 5C Nano, homebrew pinentry-mac 0.9.4
% gpg --card-edit
Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: ...
- 101
1
vote
1
answer
55
views
Smart Card Reader (CAC) operation - what deauthorizes session?
We are planning to shock test a USB smartcard reader (CAC reader) for a DoD application, and need to know more about what indications to look for. Our only real concern is that the user remains logged ...
1
vote
1
answer
257
views
Basic configuration of OpenSC
I received a Cherry ST-2000 and a Reiner SCT cyberJack RFID smartcard reader and some smartcards. I wanted to learn a bit about how these things work but I seem to fail a basic step. I tried a few ...
- 76
2
votes
0
answers
2k
views
Why can't I add an elliptic curve certificate (smartcard, Yubikey, piv) as protector to a BitLocker protected partition?
Yubikey as SmartCard
I have been using a SmartCard (Yubikey 4, PIV interface) with RSA certificate to unlock BitLocker protected drives. The certificates are self-signed and generated by the Encrypted ...
- 560
6
votes
0
answers
4k
views
Linux: Sign PDF using a certificate stored in a smart card with a time-stamped signature [closed]
In Linux, I am looking for a way to sign a PDF file using a certificate stored in a smart card similar to the feature offered by adobe acrobat reader (Tools->Certificates->Digitally Sign). The latter ...
- 61
3
votes
1
answer
9k
views
Cannot see hardware security token on my Windows PC
I have a SafeNet Token JC device that provides a certificate when I am connecting to a VPN using CheckPoint VPN Client.
I'm facing an issue that CheckPoint cannot see that device. I have Windows 10 ...
- 131
0
votes
1
answer
159
views
select command in smart card and status word
I use smart card and I upload different applet on the Smart Card.
Q1:**When I Select one applet with PyApdu.exe and after select another applet without reset connection with card reader **SW=9000 ...
- 1
1
vote
1
answer
947
views
Preventing Win 10 from automatically installing certificates from smart cards
A short background on the issue. I have a Yubikey 5 with PIV containing 3 personal certificates. One of the certificates is also installed locally on my Win 10 machine. All the certificates contain ...
- 125
0
votes
0
answers
171
views
Strong encryption for a local file (PGP)
Just a quick disclaimer: I initially posted this question to Crypto site but was told it was too specific for that site.
I am looking for a safe method to encrypt a local file on my machine. Let's ...
- 125
5
votes
0
answers
2k
views
Why does Windows Security stop prompting for my smart card credentials (the "more options" is not showing)?
I'm currently in a Windows 10 domain environment that uses smart card authentication. We are using ActivClient 7.1.0.213 for reading the smart cards. I use a user smart card to login as a user (which ...
- 173
1
vote
1
answer
563
views
How to create a veracrypt volume on the command line not interactively with a keyfile stored on a PKCS#11 token
I am trying to create a new veracrypt container on the command line in a completely interactive fashion. To make things more complicated, I need to store a keyfile on a PKCS#11 token.
From what I ...
- 966
0
votes
1
answer
677
views
OpenPGP: smart card / device not found on Windows 10
I'm trying to read my new GnuPG V3.3 smart card with OpenPGP on Windows 10, Lenovo keyboard with smart card reader, latest driver installed. When launching from CMD command gpg.exe --card-status ...
- 227
0
votes
1
answer
428
views
SSH permission denied using smartcard authentication
Our institute recently adopted smartcard/chip and PIN logins for all computers on the network. Ever since, I have been unable to log in to any of our Linux network hosts via SSH from my Mac (OSX High ...
- 1
0
votes
1
answer
691
views
Implementing OpenSSH Certificates with smartcards
I want to implement public key authentication with CA and smart card. OpenSSH have their own certificate format, which is not x509.
I have a server (SSHD) and a client. I already made public key ...
Ilay Goldman
0
votes
0
answers
3k
views
USB Smart Card Reader to COM Port
I'm facing the following problem:
I have a software that reads/writes Smart Cards through COM Ports. The Smart Card device that i own is plugged through USB therefore recognised as a usb device with ...
- 1
1
vote
1
answer
546
views
Disable PIN caching for Virtual Smart Cards
We want to store digital certificates for PDF signing on Virtual Smart Cards. The default behavior for PIN entering is that the PIN is only entered once during a session. Is it possible to change this ...
- 11
1
vote
0
answers
224
views
How can I connect a CentOS Hyper V guest OS to the smartcard reader on my physical machine?
I'm running Windows 10 Pro with Hyper-V Manager 10. On that Hyper-V I'm running a guest CentOS 7 VM.
I'd like an application on that CentOS VM to read a smartcard that's physically inserted into a ...
- 129
0
votes
0
answers
784
views
Smart card issue with OpenSC (pklogin_finder debug) only on CentOS
I'm trying to use a smart card on CentOS but I'm stuck. I'm using OpenSC, and I need to implement a special module to use my smart card (libgtop11dotnet).
It doesn't work on CentOS, but I tested on ...
- 11
0
votes
0
answers
3k
views
Enabling Smart Card Readers on Windows 10 Pro?
Windows 10 Professional will not natively allow for using a Smart Card for a sign in option. Does anyone have any ideas on how to enable this, like a 3rd party option, or a group-policy edit, IDK?
It ...
1
vote
0
answers
2k
views
Smartcard authentication on CentOS
I tried to implement a smart card authentication in a Samba4 domain (Samba AD).
Currently I have two domain controllers (CentOS), a file server and several clients (CentOS and Windows). In regards to ...
- 11
0
votes
1
answer
667
views
Signing a message with a SmartCard / Yubikey
So I've gone through a pretty bog-standard GPG-key-setup process, and then used addtokey to move said keys onto a Yubikey 4.
Now, on a fresh setup, I want to try and use those keys, to sign something....
- 2,605